IMPLEMENTATION GUIDE

CONFIGURING AND IMPLEMENTING A10 NETWORKS LOAD BALANCING SOLUTION WITH JUNIPER’S SSL VPN APPLIANCES

Copyright © 2010, Juniper Networks, Inc.

Although Juniper Networks has attempted to provide accurate information in this guide, Juniper Networks does not warrant or guarantee the accuracy of the information provided herein. Third party product descriptions and related technical details provided in this document are for information purposes only and such products are not supported by Juniper Networks. All information provided in this guide is provided “as is”, with all faults, and without warranty of any kind, either expressed or implied or statutory. Juniper Networks and its suppliers hereby disclaim all warranties related to this guide and the information contained herein, whether expressed or implied or statutory including, without limitation, those of merchantability, fitness for a particular purpose and noninfringement, or arising from a course of dealing, usage, or trade practice.


Table of Contents

Introduction
Scope
Design Considerations
Description and Deployment Scenario
  Configure AX2
SA6500 Active-Active Configuration
  Creating a Cluster in sa6500-c
  Adding a Cluster Member in sa6500-c
  Joining a Cluster in sa6500-d
  Monitoring a Cluster
  SA Series Configuration References
Summary
About A10 Networks
About Juniper Networks

Table of Figures

Figure 1: Logical topology overview
Figure 2: Logical topology overview with the IP addresses used in this example
Figure 3: Select the interface
Figure 4: Enter the IP address and mask for e1
Figure 5: Set up HA
Figure 6: Configure the health monitor
Figure 7: Add the servers
Figure 8: Configure the source NAT pool
Figure 9: Enter general settings and click Add to include a virtual port
Figure 10: Configure port settings (settings for port 443 shown)
Figure 11: Configure the source-IP persistence template
Figure 12: Virtual ports configured and listed on the Port tab
Figure 13: Set up HA (compare with the setup for AX1)
Figure 14: HA Config Sync


Introduction

The combined solution of Juniper Networks® SA Series SSL VPN Appliances and the A10 Networks AX Series Advanced Traffic Manager provides an enhanced SSL VPN service. The access and security features of the SA Series are easily extended as needed by deploying AX Series server load-balancing functionality for additional security, availability, and capacity.

AX Series load balancers add the following benefits to an SA Series solution:

• Intelligent, flexible load-balancing algorithms to select the best SA Series node for each session

• Industry-leading connection speed, supporting greater than 500,000 new TCP connections per second

• Customizable health monitors to ensure service availability

• Stickiness options, such as persistence based on client source IP address

• Hardware-based protection against distributed denial of service (DDoS) attacks

• One virtual VPN server to provide a single point of access for all users in all locations

• High availability (HA) AX redundancy with session synchronization to eliminate single point of failure

Figure 1: Logical topology overview (Users, Internet, AX Load Balancer, SA Series Cluster, Internal Applications)

Figure 2: Logical topology overview with the IP addresses used in this example (AX load balancers 172.16.0.11 and 172.16.0.12; VIP 172.16.0.50; SNAT 172.16.0.51; SA Series cluster 172.16.0.61 and 172.16.0.62)


Scope

The deployment guide is intended to describe the installation steps necessary to implement the A10 Networks AX Series load balancer with the Juniper Networks SA Series SSL VPN Appliances solution. The guide is intended to provide detailed configuration information for organizations’ system engineers and technical staff.

Design Considerations

AX Series Appliances

Firmware: AX Series version 2.x or later

Platform: Any

Performance: AX Series appliances are high-performance systems, and characteristics vary by platform. Performance examples are provided in various third-party performance reports at http://www.a10networks.com. Sample figures:

• >500,000 new connections per second (CPS)

• Millions of concurrent sessions

• 1-9+ million hardware SYN/sec for DDoS

• Multi-Gb throughput

Juniper Networks IC Series Unified Access Control Appliances

• Software: 6.0R3.1 (build 12507) or later

• Platform: Juniper Networks SA6500 SSL VPN Appliance

• Performance: 5,000 simultaneous users per appliance

Description and Deployment Scenario

This section enables solution implementation, detailing device configuration for all relevant protocols and interfaces.

The following procedures show you how to configure a pair of AX load balancers to provide HA and load balancing for a Juniper SA Series cluster. The configuration for the SA Series cluster follows.

Configure AX

First, AX1 will be configured, and then its configuration will be synchronized to AX2.

Add the IP Address to the Interface

1. Select Config Mode > Network > Interface.

2. In the Interface column, click on “e1.”

3. Expand the IPv4 tab.

4. Enter the IP address and mask in the IP Address and Mask fields. In this example, enter 172.16.0.11 and 255.255.255.0.

5. Click OK at the bottom of the window. The interface list reappears.


Figure 3: Select the interface

Figure 4: Enter the IP address and mask for e1


Add the Default Gateway

1. Select Config Mode > Network > Route.

2. Click Add.

3. In the IP Address Prefix field, enter 0.0.0.0.

4. In the Netmask field, enter 0.0.0.0.

5. In the Gateway field, enter 172.16.0.1.

6. Click OK. The default route appears in the route table.

Set up HA

1. Select Config Mode > HA > Setting.

2. On the General tab, select “1” from the Identifier drop-down list.

3. Click Enabled next to HA Status.

4. Click Enabled next to Preempt Status.

5. In the HA Mirroring IP Address field, enter the IP address of AX2 (172.16.0.12 in this example).

6. Enter Group parameters:

a. Expand the Group tab.

b. Select “1” from the Group Name drop-down list.

c. In the Priority field, enter 100.

d. Click Add.

7. Click OK at the bottom of the page.

8. Enable SSH access on the HA interface:

a. Select Config Mode > System > Access Control.

b. Select the SSH checkbox in the row for ethernet1.

c. Click OK.

Figure 5: Set up HA


Set up a Service Group for the SA Series Cluster

1. Select Config Mode > Service > SLB.

2. On the menu bar, select Service Group.

3. Click Add.

4. For the Name, enter “sa_group.”

5. For the Type, leave “TCP” selected.

6. For the load-balancing Algorithm, select Least Connection.

7. Configure an HTTPS health monitor:

a. In the Health Monitor drop-down list, select “create.” The configuration tabs for configuring a health monitor appear.

b. In the Name field, enter “sa_monitor.” From the Type drop-down list, select HTTPS.

c. Click OK. The service group configuration tabs reappear.

8. Add the SA Series servers:

a. On the Server tab, in the Server field, enter the IP address of an SA Series server. (In this example, enter 172.16.0.61.)

b. In the Port field, enter 0.

c. Click Add.

d. Repeat for the second SA Series server, but enter IP address 172.16.0.62.

9. Click OK at the bottom of the page to finish creating the service group.


Figure 6: Configure the health monitor


Figure 7: Add the servers

Set up the Source NAT Pool

1. Select Config Mode > Service > SNAT.

2. Click Add.

3. In the Name field, enter “sa_snat.”

4. In both IP Address fields, enter 172.16.0.51.

5. In the Netmask field, enter 255.255.255.0.

6. From the HA Group drop-down list, select “1.”

7. Click OK.


Figure 8: Configure the source NAT pool

Set up the Virtual Server

1. Select Config Mode > Service > SLB.

2. On the menu bar, select Virtual Server.

3. Click Add.

4. In the Name field, enter “sa_vip.”

5. In the IP Address field, enter the IP address at which clients will request the SA Series service. This is the IP address that DNS should send when replying to client queries for the SA Series service. In this example, enter 172.16.0.50.

6. From the HA Group drop-down list, select the HA group configured previously (group ID “1”).

7. Configure a virtual port:

a. On the Port tab, click Add. The Virtual Server Port tab appears.

b. From the Type drop-down list, select TCP if not already selected.

c. In the Port field, enter “443.”

d. From the Service Group drop-down list, select “sa_group.”

e. Select Enabled next to HA Connection Mirror.

f. From the Source NAT Pool drop-down list, select “sa_snat.”

g. From the Persistence Template Type drop-down list, select Source IP Persistence Template.

h. From the Source IP Persistence Template field, select “create.” The configuration tab for the template appears.

i. In the Name field, enter “sa_source.”

j. In the Timeout field, change the value to 20.

k. Click OK to return to the Virtual Server Port tab. The port appears on the Port tab.

8. Click Add again to configure another virtual port. For this port, use the following settings:

• Type – Others

• Port – 0

• Service Group – sa_group

• Source NAT Pool – sa_snat

• Source IP Persistence Template – sa_source

9. Click OK.

10. Click OK again to finish creating the virtual server.
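The server choice these settings ask for (Least Connection in sa_group, the sa_source source-IP persistence template, and the sa_monitor health check), modelled as an added Python example; it is not A10 code and not part of the original guide. The class and method names are hypothetical, the client addresses are constructed, time is in the same unstated units as the Timeout field, and refreshing the timer on each new connection is an assumption.

```python
"""Toy model of the server choice configured above: Least Connection plus
source-IP persistence, restricted to nodes that pass the health check.
Illustrative only; names are hypothetical and this is not A10's code."""

SA_NODES = ["172.16.0.61", "172.16.0.62"]  # members of sa_group (from the guide)
PERSIST_TIMEOUT = 20                       # sa_source Timeout; units not stated in the guide


class ServiceGroupModel:
    def __init__(self, nodes, persist_timeout):
        self.active = {n: 0 for n in nodes}      # open connections per node
        self.healthy = {n: True for n in nodes}  # last health-monitor result
        self.persist = {}                        # client IP -> (node, expiry time)
        self.timeout = persist_timeout

    def set_health(self, node, up):
        """Record a health-monitor result for one node."""
        self.healthy[node] = up

    def select(self, client_ip, now):
        """Return the node for a new connection from client_ip at time now."""
        entry = self.persist.get(client_ip)
        if entry:
            node, expiry = entry
            # Honour the sticky entry only while it is fresh and the node is up.
            if now < expiry and self.healthy[node]:
                return self._open(client_ip, node, now)
            del self.persist[client_ip]
        candidates = [n for n in self.active if self.healthy[n]]
        if not candidates:
            return None  # no node passes the health check
        # Least Connection: fewest open connections; ties go to list order.
        node = min(candidates, key=lambda n: self.active[n])
        return self._open(client_ip, node, now)

    def _open(self, client_ip, node, now):
        self.active[node] += 1
        # Assumption: each new connection refreshes the persistence timer.
        self.persist[client_ip] = (node, now + self.timeout)
        return node

    def close(self, node):
        """A connection to node has ended."""
        self.active[node] = max(0, self.active[node] - 1)


def demo():
    """Constructed scenario: three clients, one of them a shared NAT address."""
    lb = ServiceGroupModel(SA_NODES, PERSIST_TIMEOUT)
    out = {}
    out["a_first"] = lb.select("198.51.100.10", now=0)  # tie, first node in list
    out["b_first"] = lb.select("203.0.113.7", now=1)    # node with fewer connections
    # Many users behind one NAT address all stick to the same node.
    out["nat"] = [lb.select("192.0.2.1", now=2 + i) for i in range(4)]
    # Client A returns within the timeout: same node even though it is busier.
    out["a_again"] = lb.select("198.51.100.10", now=15)
    # Its node fails the health check: the sticky entry is dropped.
    lb.set_health(out["a_first"], False)
    out["a_failover"] = lb.select("198.51.100.10", now=16)
    return out, dict(lb.active)


if __name__ == "__main__":
    results, load = demo()
    for key, value in results.items():
        print(key, value)
    print("open connections:", load)
```

In the constructed run the shared NAT address leaves one node carrying most of the connections, which is the load skew to watch for when persistence is keyed on source IP.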


Figure 9: Enter general settings and click Add to include a virtual port

Figure 10: Configure port settings (settings for port 443 shown)


Figure 11: Configure the source-IP persistence template

Figure 12: Virtual ports configured and listed on the Port tab


Configure AX2

Add the IP Address to the Interface

1. Select Config Mode > Network > Interface.

2. In the Interface column, click on “e1.”

3. Expand the IPv4 tab.

4. Enter the IP address and mask in the IP Address and Mask fields. In this example, enter 172.16.0.12 and 255.255.255.0.

5. Click OK at the bottom of the window. The interface list reappears.

Add the Default Gateway

1. Select Config Mode > Network > Route.

2. Click Add.

3. In the IP Address Prefix field, enter 0.0.0.0.

4. In the Netmask field, enter 0.0.0.0.

5. In the Gateway field, enter 172.16.0.1.

6. Click OK. The default route appears in the route table.

Set up HA

1. Select Config Mode > HA > Setting.

2. On the General tab, select “2” from the Identifier drop-down list.

3. Click Enabled next to HA Status.

4. Click Enabled next to Preempt Status.

5. In the HA Mirroring IP Address field, enter the IP address of AX1 (172.16.0.11 in this example).

6. Enter Group parameters:

a. Expand the Group tab.

b. Select “1” from the Group Name drop-down list.

c. In the Priority field, enter 90.

d. Click Add.

7. Click OK at the bottom of the page.

8. Enable SSH access on the HA interface:

a. Select Config Mode > System > Access Control.

b. Select the SSH checkbox in the row for ethernet2.

c. Click OK.


Figure 13: Set up HA (compare with the setup for AX1)

Synchronize the Load-Balancing Configuration from AX1 to AX2

1. Select Config Mode > HA > Config Sync.

2. Enter the admin username and password required for Enable access to AX1 (in this example, “admin” and “a10”).

3. Click OK.

Figure 14: HA Config Sync
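A consistency check for the AX1 and AX2 values entered above, as an added Python example (not part of the original guide and not an A10 tool). The dictionary layout and function name are hypothetical; the values are the ones this guide enters, and the rules encode only what the two HA procedures show: distinct identifiers, mirroring addresses that point at each other, one shared group with different priorities, and unique addresses on the 172.16.0.0/255.255.255.0 segment.

```python
import ipaddress

# Values entered in this guide; the dictionary layout is hypothetical.
SUBNET = ipaddress.ip_network("172.16.0.0/255.255.255.0")
AX1 = {"name": "AX1", "ip": "172.16.0.11", "ha_id": 1, "mirror_ip": "172.16.0.12",
       "group": 1, "priority": 100, "gateway": "172.16.0.1"}
AX2 = {"name": "AX2", "ip": "172.16.0.12", "ha_id": 2, "mirror_ip": "172.16.0.11",
       "group": 1, "priority": 90, "gateway": "172.16.0.1"}
SHARED = {"vip": "172.16.0.50", "snat": "172.16.0.51",
          "servers": ["172.16.0.61", "172.16.0.62"],
          "sync_login": ("admin", "a10")}
GUIDE_LOGIN = ("admin", "a10")  # example Enable credentials printed in the guide


def check_ha_pair(a, b, shared, subnet=SUBNET):
    """Return a list of findings; an empty list means no rule was violated."""
    findings = []
    if a["ha_id"] == b["ha_id"]:
        findings.append("HA identifiers are identical")
    # Each unit's HA Mirroring IP Address must be the other unit's address.
    for unit, peer in ((a, b), (b, a)):
        if unit["mirror_ip"] != peer["ip"]:
            findings.append(f"{unit['name']} mirroring IP is not {peer['name']}'s address")
    if a["group"] != b["group"]:
        findings.append("units are not in the same HA group")
    if a["priority"] == b["priority"]:
        findings.append("HA group priorities are equal (the guide uses 100 and 90)")
    if a["gateway"] != b["gateway"]:
        findings.append("default gateways differ")

    # Every address must be on the shared segment and used only once.
    labelled = [(a["name"], a["ip"]), (b["name"], b["ip"]),
                ("gateway", a["gateway"]), ("VIP", shared["vip"]),
                ("SNAT", shared["snat"])]
    labelled += [("SA node", s) for s in shared["servers"]]
    seen = {}
    for label, addr in labelled:
        if ipaddress.ip_address(addr) not in subnet:
            findings.append(f"{label} {addr} is outside {subnet}")
        if addr in seen:
            findings.append(f"{label} reuses {addr} (already {seen[addr]})")
        seen.setdefault(addr, label)

    # Config Sync should not be left on the credentials shown in the guide.
    if tuple(shared["sync_login"]) == GUIDE_LOGIN:
        findings.append("config sync uses the example credentials printed in the guide")
    return findings


if __name__ == "__main__":
    for finding in check_ha_pair(AX1, AX2, SHARED):
        print("FINDING:", finding)
```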


SA6500 Active-Active Configuration

Table 1: License

NODE | LICENSE | COMMENT
sa6500-c | Enables 5,000 simultaneous users of SA6500 | License for total concurrent users
sa6500-c | Enables Juniper Networks Secure Application Manager and Network Connect for SA6500 | License to use Network Connect
sa6500-d | Enables clustering: Allows 5,000 additional users to be shared from another SA6500 | Clustering license for second node

Creating a Cluster in sa6500-c

1. To create a new cluster, choose…


2. By default, a cluster is created in the active-active configuration. To modify the settings, choose Clustering > Properties. Then make your changes. For instance, you can select disable external interface when internal interface fails as shown here.

3. When you are finished making changes, click the Save Changes button.


Adding a Cluster Member in sa6500-c

4. Before a cluster member can join a cluster, you need to define it. Choose Clustering > Status. Two cluster members, sa6500-c and sa6500-d, are defined in the following screenshot.

5. To add a member to the cluster, select the cluster on the Status tab.

6. Click the Add Members button. The following screenshot shows how to add sa6500-d as a cluster member.

7. Click the Add button to include the cluster member.


Joining a Cluster in sa6500-d

1. After cluster information has been defined for sa6500-c, it is time for sa6500-d to join the cluster. Log in to the sa6500-d admin URL and choose Cluster > Join. Enter the cluster name, cluster password, and existing member address (for example, the internal address of sa6500-c).


Monitoring a Cluster

1. To display the status of the current cluster, choose Clustering > Status.

2. To display a dashboard showing the system status for all cluster members, choose System > Status.


8010041-002-EN Oct 2010

Copyright 2010 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.


SA Series Configuration References

• SA Series system software downloads: http://www.juniper.net/techpubs/software/ive/

• Juniper Networks Knowledge Base: http://kb.juniper.net/

• SSL VPN (IVE) Version 6.0 technical documents: http://www.juniper.net/techpubs/software/ive/6.x/6.0/

Summary

The SSL VPN solution consisting of Juniper Networks SA Series SSL VPN Appliances and A10 Networks AX Series provides one of the most reliable and scalable secure access solutions. New and existing SSL VPN deployments alike can benefit from AX Series features including configurable health monitors, flexible load balancing, persistence (“stickiness”) options, and HA. Hardware-based DDoS protection detects and drops unfriendly TCP traffic while allowing legitimate user traffic to the SA Series nodes. HA eliminates service interruption due to AX or link unavailability. GSLB provides additional flexibility and ease of use, enabling a single-user access experience across multiple sites, regardless of user location, while transparently directing the user to the best site based on site health, user location, and other configurable metrics.

AX Series server load balancers allow SA Series deployments to scale in support of today’s mobile workforce. Tomorrow’s ever-increasing numbers of users—running increasingly bandwidth-intensive applications—continue to enjoy fast, reliable secured access without the need to manage and utilize multiple URLs due to user location or network load. For additional AX Series information, please visit www.a10networks.com.

About A10 Networks

A10 Networks was founded in Q4 2004 with a mission to provide innovative networking and security solutions. A10 Networks makes high-performance products that help organizations accelerate, optimize and secure their applications. A10 Networks is headquartered in Silicon Valley with offices in the United States, EMEA, Japan, China, Korea and Taiwan. For more information, visit www.a10networks.com.

About Juniper Networks

Juniper Networks, Inc. is the leader in high-performance networking. Juniper offers a high-performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network. This fuels high-performance businesses. Additional information can be found at www.juniper.net.